Ransomware is a type of malware from crypto virology that threatens to publish the victim’s personal data or permanently block access to it unless a ransom is paid.
A white hat hacker recently developed a working “Ransomware” strain that encrypts cloud email accounts like Office 365 in real-time. A scary thought when so many organisations trust the cloud and software manufacturers like Microsoft to keep their information secure. KnowBe4’s Chief Hacking Officer (and widely known as the worlds greatest hacker) Kevin Mitnick has produced a live demo to watch the ransomware work below.
According to Kevin, the proof of concept has been around for a while, and is on the horizon; because if a white hat can create it, so can a black hat. This strain uses a smart social engineering tactic to trick the user into giving the bad guys access to their cloud email account, with the appearance of a “new Microsoft anti-spam service”. Once the user clicks “accept”, all email and attachments are encrypted in real-time! The ransomcloud attack will work for any cloud email provider that allows an application giving control over the email via oauth. With Google it will work if the app passes their verification process. Outlook 365 doesn’t verify the app at this point, so it makes Microsoft users much more vulnerable to this type of attack.
Source: KnowBe4 Unusual Ransomware Strain Encrypts Cloud Email Real Time
